Really, how do you propose to crack a decent Linux password in a short enough amount of time? Owning the computer is one thing, but owning the passwords of possibly several people has implications far beyond that one computer and onto the network.
- Who says that it's even necessary to crack passwords? The intent of the intruder could be simply to get information from the machine. Which is obviously an easy thing to do, given physical access to the machine.
- Still, how would you propose cracking Windows passwords if the drive is encrypted with EFS and you don't have the public/private keys?
- Cracking passwords on a local machine doesn't mean that those same passwords are being used on a network authentication server. For example, I use a completely different password to access my local account than I use on my network.
- How do you propose to crack network passwords when cached credentials don't exist?
Yet it is inferior. Period. You bring other sensible precautions into the mix, but that is outside of the subject that Windows passwords can be easily cracked.
No, it's not inferior. As I pointed out, physical access to a machine GUARANTEES that it will be compromised. The term "inferior" isn't even relevant.
As I pointed out, physical access to a machine GUARANTEES that it will be compromised. But it doesn't guarantee that passwords will be compromised, unless it's on a Windows machine. Yes, certain things can be done to mitigate the damage -- if they're done. Until then, you're relying on a level of password security that UNIX deprecated years ago because it wasn't considered secure enough anymore.
As you supposedly know, security is the sum total of everything you do to secure a system or a network. Any one thing might sound insignificant, but it all adds up. Having passwords that are not easily cracked is one of them, and Microsoft with its lax approach to security did not see fit to implement this one simple thing that everybody else knew about long ago.